“Our goal is to identify not only the attacks in real time, but also what and who is behind them,” says CrowdStrike CEP George Kurtz.

In fact, Tomer Teller, security evangelist for Check Point, says time is on the side of security vendors. Ninety-nine percent of security attacks make use of known vulnerabilities and attack methods. As security vendors get more proficient with big data analytics, only a handful of hackers will have the requisite skills to create a unique attack that doesn’t leverage a previously identified pattern. Once a pattern is recognized, automation tools can be used to remediate the vulnerability long before the attack is launched, says Teller. Eventually, the cost of launching attacks will become prohibitively expensive, he says.

“The cost of building the perfect attack is definitely going to rise,” says Teller. “In contrast, IT security itself doesn’t have to be expensive. It just has to be good.”

As a result, a lot of the debate about security these days is over how to most effectively capture and act on security intelligence.

“The delivery point for security has to be the infrastructure itself,” says Bill Boyle, director of product management security intelligence operations for Cisco. “That’s why we’re embedding security as a service into our products.”

To bolster that effort, Cisco moved to acquire SourceFire earlier this week as part of an effort to respond to APTs.

Beyond the actual threats, what’s keeping CIOs up at night is the ever-increasing cost of security. As a percentage of the overall IT budget, security costs have steadily risen in recent years. Security intelligence services delivered via the cloud or embedded inside IT infrastructure represent a way to bring those costs under control by relying more on pattern recognition and IT automation to mitigate threats across the enterprise.

For that reason, organizations such as Riverside Healthcare are evaluating security vendors based on their level of security intelligence. According to Riverside healthcare Chief Security Officer Eric Devine, the security requirements that health-care providers are being asked to meet are steadily rising as personally identifiable information comes under more targeted attacks. Riverside Healthcare recently opted to deploy security firewalls from Fortinet, which Devine says not only provides the needed intelligence but also a framework through which Riverside Healthcare can quickly respond once a threat is discovered.

“Security is all about being able to change and react,” says Devine. “But we don’t have the budget to dedicate people to log management.”

Ultimately, security these days is about balancing threats against costs. But unless IT departments have more visibility into the threats being aimed at their organization, chances are they will wind up spending more money on security to little or no avail.

“To do security right you have to be able to tell someone how the company is being targeted and what needs to be done to mitigate it,” says Gartner’s Ahlm. “You need to be able to put context around the security.”

Articles by Type

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.